Patent application number | Description | Published |
20120317570 | SYSTEM AND METHOD FOR VIRTUAL PARTITION MONITORING - A method is provided in one example embodiment that includes receiving in an external handler an event notification associated with an event in a virtual partition. A thread in the process in the virtual partition that caused the event can be parked. Other threads and processes may be allowed to resume while a security handler evaluates the event for potential threats. A helper agent within the virtual partition may be instructed to execute a task, such as collecting and assembling event context within the virtual partition, and results based on the task can be returned to the external handler. A policy action can be taken based on the results returned by the helper agent, which may include, for example, instructing the helper agent to terminate the process that caused the event. | 12-13-2012 |
20130031291 | SYSTEM AND METHOD FOR VIRTUAL PARTITION MONITORING - A method is provided in one example embodiment that includes rebasing a module in a virtual partition to load at a fixed address and storing a hash of a page of memory associated with the fixed address. An external handler may receive a notification associated with an event affecting the page. An internal agent within the virtual partition can execute a task and return results based on the task to the external handler, and a policy action may be taken based on the results returned by the internal agent. In some embodiments, a code portion and a data portion of the page can be identified and only a hash of the code portion is stored. | 01-31-2013 |
20130212581 | System, Method and Computer Program Product for Performing a Security or Maintenance Operation in Association with Virtual Disk Data - A system, method and computer program product are provided for performing a security or maintenance operation in association with virtual disk data accessed independent of a virtual machine. In use, data stored on a virtual disk is accessed at least in part independent of a virtual machine. Further, a security or maintenance operation is performed in association with the accessed data. | 08-15-2013 |
20130275964 | SYSTEM, METHOD, AND COMPUTER PROGRAM PRODUCT FOR SCANNING DATA UTILIZING ONE OF A PLURALITY OF VIRTUAL MACHINES OF A DEVICE - A system, method, and computer program product are provided for scanning data utilizing one of a plurality of virtual machines of a device. In use, data to be scanned is identified utilizing a first virtual machine of a device, where the device further includes at least one second virtual machine and a cache shared by the first virtual machine and the second virtual machine. Additionally, it is determined whether the data was previously scanned by the at least one second virtual machine, utilizing the cache. Furthermore, the data is conditionally scanned utilizing the first virtual machine based on the determination. | 10-17-2013 |
20130276107 | BEHAVIORAL TRACKING SYSTEM, METHOD, AND COMPUTER PROGRAM PRODUCT FOR UNDOING EVENTS BASED ON USER INPUT - A behavioral tracking system, method, and computer program product are provided for undoing events based on user input. In use, a plurality of unclassified events is identified on a system utilizing behavioral tracking. Additionally, input associated with at least one of the unclassified events is received from a user of the system for classifying the at least one of the unclassified events as an unwanted event. Further, the at least one unwanted event is undone in response to the receipt of the input. | 10-17-2013 |
20130276119 | SYSTEM, METHOD, AND COMPUTER PROGRAM PRODUCT FOR REACTING TO A DETECTION OF AN ATTEMPT BY A PROCESS THAT IS UNKNOWN TO CONTROL A PROCESS THAT IS KNOWN - A system, method, and computer program product are provided for reacting to a detection of an attempt by a process that is unknown to control a process that is known. In operation, an attempt by a first process that is unknown to control a second process that is known is detected. Furthermore, there is a conditional reaction based on the detection. | 10-17-2013 |
20130276120 | SYSTEM, METHOD, AND COMPUTER PROGRAM PRODUCT FOR DETERMINING WHETHER A SECURITY STATUS OF DATA IS KNOWN AT A SERVER - A system, method, and computer program product are provided for determining whether a security status of data is known at a server. In use, a request for a security status of data is received over a network at a server. Additionally, it is determined whether the security status is known at the server using at least one of a whitelist and a blacklist. Furthermore, a result of the determination is transmitted over the network. | 10-17-2013 |
20130312095 | IDENTIFYING ROOTKITS BASED ON ACCESS PERMISSIONS - A method for monitoring for malware includes, during a boot process on an electronic device, determining a portion of memory, determining that the portion of memory is reserved for exclusive access by an entity on the electronic device, and, based on the determination that a portion of memory is reserved for exclusive access during the boot process, determining that the reservation is indicative of malware. | 11-21-2013 |
20130312099 | Realtime Kernel Object Table and Type Protection - A method for detecting malware includes determining one or more object-oriented components of an electronic device, trapping at a level below all of the operating systems of the electronic device an attempt to access an object-oriented component of the electronic device, determining an entity causing the attempt, accessing one or more security rules, and, based on the security rules, the entity causing the attempt, and the object-oriented component, determining whether the attempted access is indicative of malware. | 11-21-2013 |
20140115652 | Real-Time Module Protection - Technologies for securing an electronic device include trapping an attempt to access a secured system resource of the electronic device, determining a module associated with the attempt, determining a subsection of the module associated with the attempt, the subsection including a memory location associated with the attempt, accessing a security rule to determine whether to allow the attempted access based on the determination of the module and the determination of the subsection, and handling the attempt based on the security rule. The module includes a plurality of distinct subsections. | 04-24-2014 |
20140359762 | BEHAVIORAL TRACKING SYSTEM, METHOD, AND COMPUTER PROGRAM PRODUCT FOR UNDOING EVENTS BASED ON USER INPUT - A behavioral tracking system, method, and computer program product are provided for undoing events based on user input. In use, a plurality of unclassified events is identified on a system utilizing behavioral tracking. Additionally, input associated with at least one of the unclassified events is received from a user of the system for classifying the at least one of the unclassified events as an unwanted event. Further, the at least one unwanted event is undone in response to the receipt of the input. | 12-04-2014 |